Unofficial news and tips about Google

July 19, 2006

Encrypt Gmail Traffic

By default, Gmail uses a secure connection (SSL) to check your credentials (username and password), but after that it redirects to a http connection.

Gmail encodes with gzip all the sent/ received data to transfer it faster, but this can be easily unzipped if a network sniffer monitors the traffic.

The https protocol uses more resources on both ends to encrypt and decrypt the traffic, so that's why Google didn't make it the default option.

If you want to encrypt your connection to Gmail, there is a simple option: bookmark https://mail.google.com, and use it instead of gmail.com or install a Firefox extension called Customize Google. The extension also switches Google Calendar to a SSL connection.